Windmill

v0.2.0 · Non-bypassable release gate

Ship to production with proof, not promises.

Forge audits every release against a 15-domain framework, scrubs secrets, and gates delivery through signed admin approval — so nothing reaches prod that hasn't been verified.

Why Forge

Designed for pipelines that can't afford a bypass.

Three principles differentiate Forge from off-the-shelf SAST/DAST stacks. All three are load-bearing in regulated environments.

Fail-Closed Gates

If a gate can't prove compliance, release is blocked. Safety is the default, not the override — every lane is fail-closed by construction.

Non-Bypass Guarantee

The agent audits. Humans approve. The push-service pushes. No single actor can ship unreviewed code — enforced at the protocol level, not by convention.

Framework-Enforced

One 15-domain framework (security, quality, docs, audit) — the same bar for every client, every release. Client configs layer in policy floors, never exceptions.

How it works

Five stages, every release, every time.

  1. Scan

    Discover the project, scaffold .iata/, detect stack.

  2. Audit

    Run 18 gates across security, quality, docs, audit trail.

  3. Stage

    Build a clean delivery branch; scrub secrets, archive evidence.

  4. Verify

    Signed admin approval required before any remote push.

  5. Promote

    Push-service ships the tag with its own scoped deploy key.

Modules

Four surfaces. One framework.

Scan

One-shot discovery + manifest scaffolding. No config required to start.

Audit

Deterministic gates + LLM assist. Evidence archived to the registry.

Release

Staged delivery branch, SBOM, signed tag, archive with checksums.

Approvals

Admin-only sign-off, tenant-scoped, fully audit-logged.

Industries

Built for teams whose releases matter.

Aviation & Transportation

Meet the documentation and evidence bar regulators expect.

Financial Services

Prove non-bypass to auditors; separate duties by design.

Healthcare

HIPAA-minded release trails with tamper-evident approvals.

Energy & Industrial

Supply-chain-safe releases for safety-critical software.

Ready to gate your next release?

We'll stand up a demo tenant against a repo you pick. Under 30 minutes from SSO handshake to first audit.